Re: printf vs puts

gets: Reads characters from input and stores them into a string until a newline character ('\n') or '\0' is reached.
scanf: Reads formatted data from the input (can be a string, float, integer, or whatever).

So, gets and puts are for basic reading and writing of strings, and scanf and printf are more advanced and can read/write formatted data.

Re: printf vs puts

Posted 12 August 2008 - 10:17 AM

Got it! Thanks people.

Analogous to defining the int vs the float number variable, the sole advantage of the puts() and gets() functions is their economy of size. Yes? Like defining int if you can get away with it. "Save a penny, earn a penny", as my grandmother used to say.

Re: printf vs puts

I just use puts() when I can because it's slightly faster to type. Maybe it runs faster than printf(), but I doubt you would ever notice a performance difference in a real world application.

Integers on most systems certainly take up less memory than floating points, but that's not usually the reason you would choose one of them over the other in my opinion.

You can't increment a floating point, floating point math is slower than integer math, you can't use floating points as array indices, etc.

Use integers when they make sense, use floating points when they're necessary. F.ex. if you're counting people you hopefully wouldn't ever have half a person, so using floating points wouldn't make sense in that situation. If you're doing any kind of work with raster graphics, using floating points wouldn't make sense because you can't ever have less than a whole pixel. If you're doing scientific work you probably would want to use floating points though to preserve accuracy. Pi as an integer is just 3.

Re: printf vs puts

There is a security concern that makes it better to call puts() over printf() if you don't need the formatting function.

Don't do this: printf(someStr); either use this: printf("%s", someStr) or use puts().

I have also seen people say don't use printf("Static String");

The concern has to do with using a HEX editor to change "Static String\n" into something like "%sactic String" -- which would more than likely crash the program. However, I am not sure this would work, and if it does, what is to stop the Hax0r (for it must be a Hax0r) from editing any valid format string?

gets() has a similar fault in that you can't control the size of the input. The user can cause your program to crash by holding his finger on a key and causing a buffer overrun.

Rather than use gets() you should use fgets() since you can specify a size of the buffer. fgets(buffer, length, stdin);

Google books has "Hacking Exposed" which has a nice chapter on this kind of stuff.

Re: printf vs puts

There is a security concern that makes it better to call puts() over printf() if you don't need the formatting function.

Don't do this: printf(someStr); either use this: printf("%s", someStr) or use puts().

I have also seen people say don't use printf("Static String");

The concern has to do with using a HEX editor to change "Static String\n" into something like "%sactic String" -- which would more than likely crash the program. However, I am not sure this would work, and if it does, what is to stop the Hax0r (for it must be a Hax0r) from editing any valid format string?

gets() has a similar fault in that you can't control the size of the input. The user can cause your program to crash by holding his finger on a key and causing a buffer overrun.

I don't see how someone being able to open up the executable with a hex editor to change things would be considered a security vulnerability. If they could do that, couldn't they just replace it with EvilTrojanVirus.exe?

Re: printf vs puts

Posted 12 August 2008 - 02:18 PM

Yeah, I have never quite agreed with that either. Not all H4x0rs are sophisticated enough to actually replace the code, so they may just look for strings (I used to replace strings all the time. Liked to change "Help" to "Hell" and what not... I outgrew that... mostly).

But if you're worried about HEX editors, there are lots of things that can be done to crash a program (just randomly replace bytes). I mentioned it because it popped into my head as I was typing...

But the first concern: printf(somestr) is bad if "somestr" is input by the user, because then they can just type in some format string... no hex editor needed to crash your program.
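An added example, not part of the original thread: the two fixes discussed above written out in C, a line reader built on fgets() that copes with overlong input, and output that only ever passes user text as an argument to "%s". The helper names read_line and render_user_text are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Read one line into buf (capacity cap) with fgets(), so input can never
 * run past the buffer the way it can with gets(). Strips the newline.
 * If the line was longer than the buffer, the excess is discarded so it
 * is not mistaken for the next line.
 * Returns 1 for a complete line, 0 for a truncated one, -1 on EOF/error. */
int read_line(FILE *in, char *buf, size_t cap)
{
    if (cap < 2 || fgets(buf, (int)cap, in) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return 1;
    }
    /* No newline stored: the line was too long, or input ended. */
    int c, truncated = 0;
    while ((c = fgetc(in)) != EOF && c != '\n')
        truncated = 1;
    return truncated ? 0 : 1;
}

/* Treat untrusted text as data: the format string is a constant and the
 * user's text is only an argument to %s, so any '%' in it is copied
 * literally. Returns snprintf()'s result (length that was needed). */
int render_user_text(char *out, size_t cap, const char *user)
{
    return snprintf(out, cap, "%s", user);
}

int main(void)
{
    char line[16];
    int status;
    while ((status = read_line(stdin, line, sizeof line)) != -1) {
        if (status == 0)
            fputs("(input truncated) ", stdout);
        puts(line);   /* or printf("%s\n", line); never printf(line) */
    }
    return 0;
}
```

Compiling with `-Wformat -Wformat-security` (GCC or Clang) also flags calls such as printf(someStr) where the format is not a string literal.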